Abstract
IPsec is the standard suite of protocols for network-layer confidentiality and authentication of Internet traffic. The IPsec protocols, however, do not address the policies for how protected traffic should be handled at security end points. This article introduces an efficient policy management scheme for IPsec, based on the principles of trust management. A compliance check is added to the IPsec architecture that tests packet filters proposed when new security associations are created for conformance with the local security policy, based on credentials presented by the peer host. Security policies and credentials can be quite sophisticated (and specified in the trust-management language), while still allowing very efficient packet-filtering for the actual IPsec traffic. We present a practical portable implementation of this design, based on the KeyNote trust-management language, that works with a variety of UNIX-based IPsec implementations. Finally, we discuss some applications of the enhanced IPsec architecture.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Cited by
15 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Toward Shared Ownership in the Cloud;IEEE Transactions on Information Forensics and Security;2018-12
2. Dealing with Collusion Attack in a Trust-Based MANET;Cybernetics and Systems;2018-11-17
3. A survey on data center networking for cloud computing;Computer Networks;2015-11
4. Commune;Proceedings of the 20th ACM Symposium on Access Control Models and Technologies;2015-06
5. Robust and flexible tunnel management for secure private cloud;ACM SIGAPP Applied Computing Review;2013-03